PRIVACY POLICY OF “KLINIKA DZINTARI” LTD

In order to ensure the economic activity of “Klīnika Dzintari” Ltd. as a service provider and employer, legal interests and compliance with regulatory acts, it is necessary for “Klīnika Dzintari” Ltd. to process personal data of customers/patients and employees. “Klīnika Dzintari” Ltd. has developed this Privacy Policy (hereinafter – the Policy) in order to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and the free transfer of such data circulation and which repeals Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation) to explain in a transparent and comprehensible manner the activities performed by “Klīnika Dzintari” Ltd. as a service provider and employer with the client/patient and employee to personal data, providing information on the purpose of data processing, legal basis, duration of processing, recipients of personal data, as well as the rights of customers/patients and employees in connection with personal data processing.1. Terms usedThe definitions of the terms used in the policy follow from Article 4 of the Regulation:

1.1. Personal data – any information relating to an identifiable or identified natural person, including, but not limited to: name, surname, personal identification number, correspondence address, telephone number, e-mail address, as well as special categories of personal data – all types of information in relation to a person’s state of health, religious, philosophical beliefs, trade union membership, race or ethnicity, political views, genetic or biometric data, if used for identification;

1.2. Manager – “Klīnika Dzintari” Ltd., unified registration no. 40003461335, legal address Jūrmala, Mežsargu street 4/6, LV-2008, telephone number: +371 67755140, e-mail address: dzintari@dzintari.lv (hereinafter – Clinic or Us);

1.3. Data subject – natural person who can be directly or indirectly identified and whose personal data is processed. Clients/patients and employees within the meaning of this Policy who are natural persons and who use the Clinic’s services, potential clients, natural persons who have not established a relationship with the Clinic and who are interested in the terms and/or costs of the Clinic’s services, former clients/patients, representatives of customers/patients, including contact persons and legal representatives, job candidates, current and former employees, persons present in the facilities or in the areas adjacent to them, users of information systems and websites, owners of real estate necessary for the provision of services, representatives of owners, natural persons involved in marketing activities (for example, in contests, promotions), as well as other physical persons whom the Clinic cannot currently identify, (hereinafter all together – You or the Client);

1.4. Recipient of personal data – natural or legal person, public institution, agency or other body to which personal data is or may be disclosed;

1.5. Data protection specialist – a person whose task is to inform and advise the Clinic and its Clients on the fulfillment of personal data protection requirements. In the event that the Customer wishes to contact the Data Protection Specialist, including to inquire about his rights as a Data Subject, he may use the address or means of communication specified in Clause 1.2 of the Policy.

2. Applicability of Privacy Policy2.1. The policy applies to ensure the protection of privacy and personal data in relation to:2.1.1. for natural persons – customers, patients and other recipients of services, employees, as well as third parties who, in connection with the provision of services to a natural person (patient, client), receive or transfer any information to the Clinic (including contact persons, payers, etc.);2.1.2. Visitors to the clinic office and other premises, including those for which video surveillance is carried out;2.1.3. Website maintained by the clinic for users.2.2. The policy applies to data processing regardless of the form in which the data is provided and processed.2.3. The clinic may set additional rules for certain types of data processing, which you will be informed about when you provide the relevant data.

3. Purposes (objectives) of personal data processing

3.1. To ensure the provision of services:3.1.1. in order to provide you with services and ensure the conclusion of contracts related to the provision of services (e.g. for identifying customers, communicating in matters related to the provision of services, conducting examinations and providing healthcare services, providing accommodation services), the following personal data of yours will be processed: identification data, contact information, service information, medical information, examinations, results, information about the contract, contact and specialist data of cooperation partners (e.g. data of medical institution specialists), health insurance policy and its number (if any), service code and name, signature, other unclassified and voluntarily provided data;3.1.2. for monitoring the execution of settlements, ensuring accounting measures, as well as for the purpose of preventing potential financial and organizational risks, in addition We will process your settlement information, which reflects the services received and their payment;3.1.3. in order for Us to defend our violated legal interests (e.g. by applying to court to recover a debt for the services received), in addition to the aforementioned, we will process legal proceedings information;3.1.4. in order to ensure the quality of services, for the provision of record-keeping measures, including archiving of information, as well as for consideration of customer submissions, requests, claims, and other types of communication, in addition We will process information contained in communication materials (e.g. correspondence), video recordings (personal image, appearance, behavior , actions taken), any other information that the data subject (You) will have indicated, information about the question under consideration and the answer provided;3.1.5. in order to provide you with important and up-to-date information about the services we provide, as well as to maintain the operation of the web pages, we will process information about the use of the website, the platform on which your device operates and the language of the device, the internet protocol address (if applicable).

3.2. For marketing and loyalty promotion:3.2.1. promotion of services and marketing activities (e.g. direct advertising aimed at the Client, collection of marketing statistics, analytics of service usage habits, etc.) are carried out for the purpose of promoting services, attracting and retaining customers. As part of this, We will process the following personal data of yours (depending on the specific event): identification information, information about the communication channels used, information about the opinion, information about the service, information about the use of web pages, information contained in communication materials (e.g. correspondence), contact information, social media information, etc. unclassified, project-specific information;3.2.2. in order for the communications provided by Us to be interesting and useful to You, We may use the information We have about You. Using the contact information provided by you, we also have the opportunity to reach you not only in the form of e-mails or text messages, but using the opportunities offered by digital marketing, also on other portals, applications (apps) or social networks that offer you the opportunity to reflect Our announcements (administration of commercial notices).

3.3. For the administration of corporate events:3.3.1. to ensure the organization of seminars and other events (including reception of visitors as part of events) and coverage in internal and external communication channels to ensure publicity, incl. in social networks, in order to inform the public about our activities, ensure the publicity of the organized events, as well as to promote social responsibility and improve representative relations, We process the following personal data of yours: identification data, information on access to premises and territory, contact information, photos, audio recordings, video recordings (image of a person (appearance, behavior, actions performed), recording time, date and recording location), other unclassified and voluntarily specified data or information, information specific to a specific project;3.3.2. organization and coverage of corporate and collective gathering events, etc. measures are taken to promote employee loyalty, motivation and collective cohesion. As part of the events, We process the following personal data: identification data, contact information, photographs, audio recordings, video recordings (personal image (appearance, behavior, actions performed), recording time, date and recording location), other unclassified and voluntarily specified data or information, for a specific project specific information;3.3.3. coverage of corporate events and preparation and presentation of informative publications on our administered websites, media and social network profiles (e.g. facebook.com, instagram.com, twitter.com, youtube.com) is done to promote the brand of the Clinic and the service offered visibility in order to ensure public information about the Clinic’s commercial activities, as well as to save information about events in Our archive. When choosing to publish some information, the clinic always tries to ensure that the published materials do not violate your rights and freedoms as a data subject. We respect your right to the inviolability of private life, while we are aware that we may not know all the facts and circumstances of the possible impact, therefore, in order to ensure fair data processing, you have the right to contact us and object to the reflection of your personal data.

3.4. To ensure the protection of security and other legal interests:3.4.1. in order to avoid security risks that can cause both physical damage to Our premises, employees and other visitors, as well as damage to information by compromising what we have, We carry out regular supervision and monitoring of events in the premises and territories using the established access regime, as also information recorded in video surveillance recordings. Also, We regularly monitor the information technology infrastructure, saving information on those cases when someone connected or tries to connect to Our systems and infrastructure. As part of this, the following personal data may be processed: identification data and position, information on access to premises and territory, contact information, video recordings (personal image (appearance, behavior, actions performed), legal proceedings information, other information related to the specific case;3.4.2. In order to protect the safety of the Clinic, Clients and employees and other legal interests, We maintain audit records of information systems, information technology security incidents (e.g. in case of unauthorized external access), as well as any type of malicious activity on information systems, any websites or applications (e.g. DDoS attack) prevention and investigation, prevention and investigation of personal data processing violations (e.g. illegal access to premises), provision of information to state authorities and other persons (e.g. police). As part of this, the following personal data may be processed (but not limited to): authentication and access information to systems and their use, information on access to premises and territory, information necessary for the performance of job duties and the realization of the company’s legitimate interests, information contained in communication materials (e.g. correspondence) information, social media information and expressed opinion, other unclassified and voluntarily specified data or information that the data subject has indicated in the submission, request, claim, proposal.

3.5. To ensure the employee recruitment process:3.5.1. when you apply for a job at the Clinic, we have a legal interest in processing all the information you will have included in your CV and application letter, evaluating the information provided in it, organizing the negotiation procedure, conducting negotiations and providing evidence that supports the legal course of the relevant process. In case of disputes, the information obtained during the selection process may be used to reflect its legal process;3.5.2. in case you are invited to a job interview, we will process the information provided during the job interview, completed tests or other tests and data obtained as a result of assessments. If the job interview will take place using online communication tools, your audio and/or video recording may be additionally processed;3.5.3. if in accordance with the provisions of Article 36 of the Labor Law, you will be sent for a health examination, we will process the information obtained during the health examination to make sure that you have no obstacles to occupying the relevant position;3.5.4. We will also process information related to the organization of the selection process (e.g. information about whether we have contacted you, notes about the time and progress of a possible meeting).

3.6. For the establishment and execution of employment legal relations:3.6.1. in order to conclude an employment contract with you, it is necessary to process the following personal data: identification data (name, surname, personal code, contact information (address, e-mail address, phone number)), information about salary and education, and other special conditions, if any, which govern our relationship and which are reflected in the employment contract. In order to verify your identity, we will ask you to present an identity document (passport or identity card);3.6.2. in order to calculate and pay your salary, we process the following personal data: name, surname, personal code, position, information about the bank and account number, information about absence, reliefs for tax calculation, if any, information about business trips, their duration, due allowances, information on how much and what taxes have been calculated;3.6.3. in order to provide you with a safe and healthy working environment, in accordance with the requirements of regulatory acts, we will send you to mandatory health examinations and process the information included in the mandatory health examination card. To achieve this purpose, your personal data will be processed such as name, surname, personal identification number, specified risk factor, information provided by the occupational therapist on the conditions so that you can perform your work duties;3.6.4. in order to fulfill the requirements set out in the laws and regulations regarding the training of employees to ensure safe and harmless working conditions, we will conduct briefings (e.g. on labor protection and fire safety issues), during which the following personal data of yours may be processed: name, surname and other identifying information, position held, as well as information about the briefings;3.6.5. in order to ensure safe working conditions for you, it may be necessary to investigate accidents at work by processing the following data of yours: name, surname, personal identification number, residential address, length of service, position, contact information (phone, e-mail), information about the circumstances of the accident, the severity of the injury and other information that may be necessary to fully investigate the accident, including information recorded using video surveillance or photo recording;3.6.6. You may need to go on business trips in the course of your work duties. In this case, in order to organize a business trip (order air tickets, apply for accommodation, etc.), the following personal data of yours may be processed: name, surname, personal identification number, contact information, data of personal identification documents;3.6.7. in order to evaluate your performance and your individual work results, We may process your personal data, including but not limited to name, surname, position, information on quantitative, efficiency and qualitative indicators of work achievement, competences and skills, learning needs and information about your interaction with colleagues and clients;3.6.8. after concluding an employment contract, in order to ensure access to IT resources, a user profile will be created for you in the information systems by creating an e-mail address, a user password, and information about the used authentication tool will also be recorded. For you, while performing your daily work duties, We will obtain information that will reflect how you use the Clinic’s information systems, when and what actions you performed in the resources assigned to you. In the event that you connect to information systems using remote work options, information about the equipment you use and the Internet Protocol (IP) address will be processed;3.6.8. Your personal data may need to be processed, including transferred to third parties, to ensure the economic operation of the Clinic. For example, a power of attorney can be prepared, which will indicate your name, surname, personal identification number, as well as documents certifying your professional activity can be submitted to third parties. Your name, surname and contact information may be indicated in correspondence with other natural or legal persons, as well as in cooperation agreements, if you are indicated as a contact person, or published on the manager’s website.

3.7. To fulfill the requirements of regulatory acts or to exercise the Clinic’s rights in accordance with regulatory acts:3.7.1. for providing information to state and local government control and pre-trial investigation institutions, other state and local government institutions within their competence (e.g. police or archives);3.7.2. for requesting information from state institutions or other authorized persons about the Customer in cases where it is permitted by law.

4. Legal basis of processing4.1. a contract has been concluded or will be concluded between you and the Clinic (e.g. employment or service contract). In this case, we will process your personal data if they are necessary for the performance of the contract or for taking measures at your request before concluding the contract. In the event that you do not provide the personal data necessary for concluding and/or executing the contract, We will not be able to conclude and/or execute the contract;4.2. The processing of your personal data is necessary to fulfill the legal obligations applicable to the Clinic specified in the regulatory acts. We are obliged to ensure the provision of your information to state institutions and the information systems under their management (e.g. to comply with the management obligations of accounting documents, as well as to archive documents, to inform about the start of employment);4.3. the processing of personal data is necessary to respect the legitimate (lawful) interests of the Clinic or a third party. Legitimate interests are rights, the implementation of which is permissible in accordance with regulatory enactments, including in connection with the contract concluded between you and the Clinic (e.g. to prevent potential financial and organizational risks, to provide evidence of the legal conduct of the personnel selection process);4.4. You have given your consent to the processing of your personal data, including in writing, electronically, as well as by telephone or using other solutions (e.g. in relation to participation in surveys, the use of personal data collected through cookies);4.5. the processing of personal data is necessary for the Clinic to fulfill a task performed in the public interest.

5. Term of personal data processing5.1. Your personal data is processed for such a period of time as it is necessary to achieve the purposes of personal data processing specified in point 3, including fulfilling the obligations set out in the regulatory acts, e.g.:5.1.1. we will keep patients’ medical records for 40 years after the last record was made or 15 years after the patient’s death;5.1.2. we will keep the information submitted by job applicants for 6 months, or if a complaint is received about the relevant selection process, until the complaint is examined and fully resolved, or if the basis for personal data processing is consent, then until the withdrawal of consent;5.1.3. employment contracts will be kept for 90 years from the person’s birth;5.1.4. information about OVP will be stored for 10 years;5.1.5. we will keep information about issued invoices and information related to payments for no less than 5 years, in accordance with the provisions of the Accounting Law;5.1.6. we will keep video surveillance recordings for no longer than 14 days;5.1.7. as long as your consent to the processing of personal data, e.g. marketing activities or cookie processing, is valid,5.1.8. if a complaint is received or the Controller’s legal interest is violated (e.g. there is a dispute about the amount of services received), the relevant information may be stored until the issue is resolved (e.g. until the final court judgment enters into force).

6. Personal data is processed through cookies In order to improve the functionality of the Clinic’s web pages and adapt them to your usage habits, as well as to obtain statistics on the actions performed, provide a personalized user experience and inform you about current events, the Clinic’s website processes cookies. Necessary or functional cookies are processed to meet the legitimate interests of the Clinic, while statistical and marketing cookies are processed if you have given your consent to the processing of these cookies. Regarding the processing of personal data, which is carried out through cookies, detailed information is available in the Cookie Policy on the Clinic’s website.

7. Disclosure of personal data outside the European Union7.1. In some cases, the Clinic may transfer your personal data outside the European Union (e.g. when online communication tools such as WhatsApp, Skype or others are used) or data storage solutions that provide services outside the European Union, or by engaging third parties that assist the Clinic to perform the tasks of economic activity mentioned in the Policy and are located outside the European Union. For statistical and marketing purposes, the Clinic may also use third-party cookies (e.g. Google, Facebook), where the information generated by the cookies may be sent and stored outside the European Union.7.2. In each individual case, the clinic chooses the special personal data protection guarantees specified in the Regulation (e.g. standard clauses with the recipient of personal data or use exceptions, such as the need to fulfill the concluded contract or your consent to data processing).

8. Who will receive your personal data8.1. The processing of your personal data will be carried out by authorized employees of the Clinic, in accordance with the scope determined in their work duties, in compliance with the requirements set forth in personal data protection and other regulatory acts, as well as the personal data processing requirements set forth in the internal regulatory acts of the Clinic.8.2. We can transfer your personal data to the following recipients of personal data, if this does not contradict the applicable regulatory enactments (e.g. transfer personal data to processors (collaboration partners who provide the Clinic with support in providing services), with whom an agreement meeting the requirements of the Regulation has been concluded) :8.2.1. accommodation service providers;8.2.2. information systems consultants;8.2.3. advertising and marketing service providers, event organizers;8.2.4. legal service providers;8.2.5. real estate management and administration service providers;8.2.6. economic activity assurance service providers;8.2.7. printing service providers;8.2.8. out-of-court debt recovery service providers;8.2.9. security and safety service providers;8.2.10. insurance service providers;8.2.11. postal and delivery service providers;8.2.12. audit and audit service providers;8.2.13. banks and other payment and financial service providers;8.2.14. cookie managers;8.2.15. for maintainers and service providers of online communication channels;8.2.16. secure electronic signature for verifiers;8.2.17. Your authorized persons or representatives;8.2.18. state and local government institutions;8.2.19. law enforcement authorities, courts.8.3. We may receive information about you from third parties, such as:8.3.1. cooperation partners who help Us accept payments from You;8.3.2. other medical institutions and specialists.

9. Data subject (Your) rights As a data subject, you have the following rights regarding the processing of your personal data:9.1. Access rights:9.1.1. access your personal data and receive information from the Clinic about the processing of your personal data. If the information provided in the Policy does not seem comprehensive enough to you, then using the contact information specified in point 1.2, you can request to provide information about the purposes of your personal data processing, the types of personal data and categories of recipients, the storage period of personal data, your rights regarding data processing and personal data receiving source;9.1.2. receive a free copy of your personal data processed by the Clinic. If requests for copies are manifestly unreasonable or excessive, in particular due to their regular recurrence, the Clinic may determine a reasonable fee justified by administrative costs or refuse to fulfill the request.9.2. The right to correction – if you notice inaccuracies in your personal data, you have the right to request that the Clinic correct the inaccurate data.9.3. Right to deletion – You have the right to request that the Clinic delete your personal data if:9.3.1. personal data are no longer necessary to achieve the purposes specified in the Policy;9.3.2. You withdraw your consent on the basis of which personal data was processed;9.3.3. You object to the processing in accordance with Article 21, Clause 1 of the Regulation, and the Clinic does not indicate convincing legitimate reasons for the processing that are more important than the interests, rights and freedoms of the data subject;9.3.4. personal data has been processed illegally;9.3.5. personal data must be deleted in accordance with the requirements of regulatory acts.In certain cases, the Clinic will not be able to fulfill your request to delete personal data. This applies to cases where, in accordance with regulatory enactments, the Clinic is obliged to process your personal data (e.g. to perform accounting and save information about the remuneration calculated for you). Similarly, data deletion is not possible if the processing is necessary to fulfill a task carried out in the public interest, including the public interest in the field of public health, for archiving or statistical purposes, as well as to raise, implement or defend legal claims, as well as if personal data correction or deletion is not possible without affecting the integrity of the records. Namely, in the mentioned cases, the right to request the deletion of your personal data is limited.9.4. The right to restrict the processing of personal data – You have the right to request that the Clinic restricts the processing of your personal data if:9.4.1. You believe that inaccurate data is being processed (for the time that the Clinic checks the accuracy of personal data);9.4.2. You believe that the processing is illegal, but you do not want to delete this personal data;9.4.3. The clinic no longer needs your data to achieve the specified purpose, but you need them to raise, implement or defend legal claims;9.4.4. You object to processing in accordance with Article 21, Clause 1 of the Regulation, until it has been verified whether the legitimate reasons of the Clinic are not more important than the legitimate reasons of the data subject.9.5. The right to object to processing – You have the right to object at any time to the processing of your personal data, which the Clinic has based on Article 6, Clause 1, subparagraph f) of the Regulation, i.e. legitimate interest. The clinic is entitled to continue processing your personal data if it indicates compelling legitimate reasons for processing that are more important than your interests, rights and freedoms, or to raise, exercise or defend legal claims.

9.6. The right to withdraw consent – in cases where you have given consent to the processing of certain personal data, you have the right to withdraw it at any time, however, such withdrawal of consent does not affect the legality of the processing, which is based on consent before the withdrawal. You can use Policy 1.2 to withdraw consent. specified contact information.

9.7. The right to portability – You have the right to receive your personal data, which you submitted to the Clinic, in an organized, widely used and machine-readable format (processed electronically or in information systems), and you have the right to request that the said data be sent to another manager (service provider) if this data are processed on the basis of contract or consent. The right of portability applies only to the data that you, as the data subject, have submitted to us.

9.8. The right to submit a complaint – You have the right to submit a complaint to the Clinic, as well as to the State Data Inspectorate, if you believe that the Clinic has violated your rights or has not sufficiently protected your personal data. However, before contacting the State Data Inspectorate, please contact Us or a Data Protection Specialist to find a solution if your right to personal data protection has been violated.

10. Request submission procedure10.1. To exercise all the rights mentioned in the previous paragraph, you can use the contact information of the Clinic specified in the Policy, specifying the following personal data in the request: name, surname, personal identification number, postal address (if you want to receive the answer by registered letter) or e-mail address (if you want to receive the answer by e – the postal address from which you sent the request).10.2. We invite you to submit your request in one of the following ways:10.2.1. send a free-form submission electronically to e-mail by signing an e-mail with a secure electronic signature;10.2.2. send your signed free form application by mail;10.2.3. submit a free form application signed by you in person at the address of the Clinic.

  1. General provisions

The Clinic may make changes to the Policy by posting relevant information about the changes on its website.

 

PRIVACY POLICY OF “CLINIC DZINTARI” Ltd. – until October 16, 2023

The objective of the privacy policy is to provide information on the purpose, amount, protection and period of data processing from a person – data subject – at the moment of obtaining the data and during the processing of the personal data of the subject.

  1. Controller:
    • Personal data processing controller is Klīnika Dzintari Ltd. (Clinic Dzintari) (hereinafter – the Clinic), unified registration No. 40003461335, legal address Jūrmala, Mežsargu street 4/6, LV-2008.
    • The contact information of the clinic on the issues associated with personal data processing is: dzintari@dzintari.lv. Use this contact information for requests on personal data processing, or request at the legal address. Requests regarding the implementation of your rights can be submitted in accordance with this Privacy Policy.
  2. Applicability of the Privacy Policy
    • Personal data is any information on an identified or identifiable person.
    • The privacy policy is applicable for the purposes of ensuring privacy and personal data protection as regards:
      • persons – customers, patients and other service recipients, as well as third parties, who receive or submit any information associated with the provision of services to natural persons (patient, customer) to the Clinic (including information on contact persons, payers, etc.);
      • Visitors of the Clinic, including the visitors that are subject to video surveillance;
      • Users of the internet website maintained by the Clinic;

(hereinafter all jointly – the Customers).

  • The Clinic will take care of Customer privacy and personal data protection and observe the Customer’s rights for the legality of personal data processing in accordance with Regulation 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter – the Regulation) and other regulatory enactments in the area of privacy and data processing.
  • The privacy policy will refer to data processing irrespective of the form of data submission or processing.
  • The clinic may establish additional regulations for certain types of data processing, regarding which the Customers are informed at the moment, when they provide the respective data.
  1. Purposes of processing – The Clinic processes personal data for the following purposes:
    • Provision of services;
    • Customer identification and servicing;
    • Drafting and conclusion of services;
    • Performance of contractual liabilities and provision of services;
    • Advertising and distribution of services or commercial purposes;
    • Review and processing of applications, complaints and claims;
    • Customer satisfaction measurements;
    • Administration of payments, debt recovery and enforcement;
    • Maintenance of the website and improvement of its operation;
    • Planning and advertising;
    • Performance of Customer polls;
    • Within the framework of risk management activities.
    • Provision of information to state government institutions and operative work subjects in the cases and within the scope provided for by external regulatory enactments.
    • For other specific purposes, regarding which the customer shall be informed before the provision of their personal data.
  2. Legal basis of personal data processing
    • for the conclusion of the contract and execution thereof – in order to conclude a contract, pursuant to the application, and to ensure its performance;
    • for compliance with the regulatory enactments – to perform the duties provided for by the regulatory enactments;
    • consent of data subject;
    • in legal (legitimate) interests – to implement the following legitimate (lawful) interests of the Clinic arising from the existing liabilities or concluded contract:
      • conduct of commercial activities;
      • ensuring of the performance of contractual liabilities;
      • storing of applications for the provision of services, other applications, notes about them, incl., verbal applications, applications drawn up on the internet website;
      • creation and development of services;
      • advertising of services by sending commercial statements;
      • sending other statements on the procedure of contract performance and events important for the execution of the contract, as well as performance of Customer polling about the services;
      • provision and upgrading of service quality;
      • administration of payments;
      • administration of payments not performed;
      • applications to central government and operative institutions and courts for the protection of the legal interests of the company;
      • informing the public on company operation.
  1. Personal data processing and protection
    • The Clinic will process and protect data by using the opportunities provided by contemporary technologies, considering the existing privacy risks and reasonably available organizational, financial and technical resources.
    • The Clinic may authorize its co-operation partners to perform individual service provision actions to ensure high quality and operative performance of assumed contractual liabilities, for instance, accommodation services, drafting of invoices, etc. If, during the performance of these tasks, the co-operation partners process the personal data that are at the disposal of the Clinic, the respective co-operation partners are considered to be the data processing operators (processors) of the Clinic and the Clinic is entitled to submit the personal data required for the performance of these operations in the amount that is required to perform such operations.
    • The co-operation partners of the Clinic in the status of data processors shall ensure compliance with personal data processing and protection requirements in accordance with the regulatory enactments and will not use the personal data for other purposes, apart from the performance of the agreed contractual liabilities on the commission of the Clinic.
  2. Categories of personal data recipients
    • The Clinic will not disclose personal data or any information obtained during the service provision and the effective period of the contract, including information on the character and nature of the services, etc., except for situations:
      • where the data must be submitted to the third party within the framework of the concluded contract to perform a function required for contract performance or a function delegated by the law, (for instance, to the bank within the framework of payment performance or in order to provide service);
      • where clear and unambiguous consent of the data subject has been received;
      • where the information must be provided to persons indicated in the regulatory enactments based on justified request of such persons, in accordance with the procedures and in the amount provided for by the regulatory enactments;
      • where the legal interests of the Clinic must be protected in the cases provided for by the regulatory enactments, for instance, when resorting to legal action or applying to other state institutions.
  1. Disclosing of personal data beyond the European Union
    • The Clinic does not transfer personal data outside the European Union.
    • If required, the Clinic will ensure the procedures provided for by the regulatory enactments in order to ensure the level of personal data processing and protection that is equivalent to the level provided for by the Regulation.
  2. Duration of personal data storage
    • The Clinic will store and process personal data, while at least one of the following criteria exists:
      • the concluded contract is in effect;
      • in the cases provided for by the regulatory enactments in the amount and within the period provided for by them;
      • while any of the parties has a legal duty to store the data;
      • the consent of the data subject to the processing of the personal data of the respective person is in effect, unless other legal grounds for data processing exists.
    • Upon the expiry of the data storage period, the personal data shall be deleted or destroyed.
  3. Access to personal data and other rights
    • The Customer will be entitled to receive the information associated with their data processing that has been provided for by the regulatory enactments.
    • In accordance with the regulatory enactments, the Customer is entitled to request access to their personal data, as well as to request the supplementing, amending or deletion of processed data, or limitation of data processing, as well as they are entitled to object to data processing (including the processing of personal data that has been performed based on the legal (legitimate) interests of the Clinic), as well as the Customer will have the right to transferability of the data. These rights will be implemented as long as data processing is not contingent on the duties of the Customer that are enforced by the effective regulatory enactments and it is not performed in the public interest.
    • The customer can submit a request for the implementation of their rights:
      • in writing personally at Mežsargu street 4/6, Jūrmala, by demonstrating a personal identification document;
      • by an electronic mail letter, which is signed by a secure electronic signature.
    • Upon the receipt of the Customer’s request for the implementation of their rights, the Clinic will verify the identity of the Customer, evaluate the request and satisfy it in accordance with the provisions of the regulatory enactments.
    • The clinic will send the reply to the received request by mail to the indicated contact address in a registered letter, or issues personally, considering the method for the receipt of the reply indicated by the Customer as much as it is possible.
    • The Clinic will ensure compliance with data processing and protection requirements in accordance with regulatory enactments and, in the event of objections, take action to resolve objections. However, if resolution of the objections fails, the Customer is entitled to apply to the supervisory institution – Data State Inspectorate.
  4. Consent to data processing and the right to recall it
    • If data processing of the customer occurs in accordance with the consent to personal data processing, the Customer is entitled to recall consent given for data processing at any moment in the same way as it was given and, in this case, further data processing that is based on the consent given previously will no longer be performed.
    • The recalling of consent does not affect the data processing that had been performed at the time when Customer consent was in effect.
    • Upon the recalling of consent, the data processing that is performed based on other legal grounds cannot be terminated.
  5. Communication with the Customer
    • The Clinic will communicate with the Customer by using the contact information indicated by the Customer (telephone number, e-mail address, postal address);
    • Communication regarding the provision of services and the performance of contractual liabilities will be performed by the Clinic based on the concluded contract or customer consent.
  6. Commercial statements
    • Communication on the commercial statements on the services of the Clinic and/or third parties and other statements not directly related to the provision of the contractual services (for instance, customer polls) shall be performed by the Clinic in accordance with the provisions of external regulatory enactments or in accordance with the Customer consent.
    • The Customer can give consent to the receipt of commercial statements of the Clinic and/or its co-operation partners in the consent forms to the services of the Clinic, on the internet website of the services (for instance, application forms for the receipt of news).
    • The consent given by the Customer to the receipt of commercial statements will be in effect until it is recalled (including the termination of the service contract). The Customer may refuse to receive further commercial statements at any time in one of the following ways:
      • by sending an e-mail to the address dzintari@dzintari.lv;
      • personally  at Mežsargu street 4/6, Jūrmala;
      • by using the automated option of refusal to receive further statements provided within the commercial statement, by clicking on the refusal link at the end of the respective commercial statement (e-mail).
    • The Clinic shall terminate the delivery of commercial statements, as soon as the Customer’s request is processed.
  1. Visiting websites and processing of cookies
    • The websites of the Clinic can use cookies.
    • The website of the Clinic can contain links to third party websites that have their own publishing and personal data protection regulations that the Clinic shall not be liable for.
    • Cookies are small text files that are saved by the web browser (for instance, Internet Explorer, Firefox, Safari, etc.) on the end device of the user (computer, mobile phone, tablet) at the moment when the user visits the website to identify the web browser or information, or settings stored on the browser. Thus, cookies allow the website to store individual settings of the user, recognize the user and react appropriately with the purpose of improving the experience of the use of the website. The user can disable or limit the use of cookies, however, adequate use of all website functions without cookies will be impossible. Depending on the performed functions and the purpose of use, mandatory cookies, functional cookies, analytical cookies and targeted (advertising) cookies can be used.
    • Mandatory cookies. These cookies are required to enable the user to freely visit and browse the website and use the options offered by the website, including the option of acquiring information on services and the purchasing thereof. These cookies identify the device of the user, but do not disclose the identity of the user, as well as they do not collect and summarize information. The website cannot function adequately without these cookies, for instance, provide the required information to the user, ensure the required services or application for services. These cookies are stored on the device of the user until the moment when the web browser is closed.
    • Functional cookies. Functional cookies are used by the website to remember the settings selected by the user and options made by the user in order to make the use of the website more convenient. These cookies are constantly stored on the device of the user.
    • Analytical cookies. Analytical cookies summarize the information on how the user uses the website, detect the most frequently visited sections, including the content that the user chooses, while browsing the website. The information is used for analytical purposes to determine what the users of the website are interested in and to improve the functionality of the website by making it more user friendly. Analytical cookies only identify the device of the user, but do not disclose the identity of the user. In individual cases, some of the analytical cookies are managed by third persons – data processors (operators), for instance Google Adwords, on behalf of the website owner in accordance with the website owner’s instructions and only in accordance with the indicated purposes.
    • Targeted (advertising) cookies. Targeted (advertising) cookies are used to summarize the information on the websites that are most frequently visited by the user and offering the services of the Clinic or co-operation partners that the particular user is interested in or to present the offers that conform to the interest demonstrated by the particular user. Usually these cookies are placed by third persons, for instance, Google Adwords with the consent of the website owner. Targeted cookies are stored on the end-device of the user constantly.
    • Cookies are used to improve the experience of websites and homepages:
      • ensure the functionality of websites;
      • adapt the functionality of the website to usage habits of the user – including language, search requests, previously reviewed content;
      • obtain statistical data about the visitor flow of the website – number of visitors, time spent on the website, etc.;
      • user authentication.
    • Unless specified otherwise, cookies are stored until the operation, for the purpose of performance of which they have been collected is completed, and then they are erased.
    • Cookie information is not transferred for processing outside the European Union and EEU.
    • Upon a visit to the website, a window with the notification that cookies are used on the website is displayed. By closing this notification window, the user confirms that they have read the information on cookies, purposes of their use, cases where cookie information is transferred to a third party and agrees to them. Respectively, the legal basis for the use of cookies is the consent of the users. If, while using the website or homepage, the user concludes a contract – the processing of cookies is required for the performance of the contract with the user, or for the Clinic to perform their legal duty or implement their legal interests. Limiting or deletion of cookies is possible by using the safety settings of any web browser. However, it must be considered that it is impossible to refuse to use mandatory and functional cookies, because it is impossible to ensure appropriate use of the website without them.
  2. Miscellaneous provisions
    • The Clinic is entitled to amend the Privacy Policy, by making it accessible to the Customer on the website or the paper form of the Clinic.
    • The Clinic stores the previous editions of the Privacy Policy and they are accessible on the website of the Clinic.